help.artaro.eu

Content

General Security

Tip: keyboard shortcut Ctrl+F searches in the page contents

Importance of computer security and general online security has been growing steadily. Still many people do not understand the need for added security and safe practices.

That's why we have a list of common misunderstandings and steps to protect yourself online.

Misunderstanding no. 1 - I have nothing interesting on my computer, therefore I do not need protection

Why would you think that hackers want your pictures or documents? They probably don't. You are probably not a celebrity, so they couldn't care less about your vacation photos and videos. Unless you work for government or security agencies or sensitive industries, they do not care about your CV or documents you have in your My Documents folder either.

But cybercriminals do want your computer and your money!

Your computer is a valuable asset for cybercrooks around the world. They use your computer to send spam e-mails, attack and infect other computers, rob valuable information from really important servers, even break in to your bank. And you do not often even notice anything weird! Malicious programs know how to hide themselves and they do not disrupt you too much to get noticed. Staying hidden is their second most important purpose. How would you like police knocking on your door and accusing you of bank robbery or international espionage? Can you prove that you did not do it? Maybe, but they will certainly take your computer for investigation purposes for months, maybe even for years. And you will get it back all empty, without hard drive, because you had spyware, viruses or some other form of malware on it.

And what about your money? You do have bank accounts, credit cards? Malware is capable of stealing your login credentials (including smartcard details) and this gives cybercriminals full access to your bank account. Are you really sure you want to share your paycheck with them?

Misunderstanding no. 2 - hackers are just kids, let them have fun

Yes, a few of them are kiddies looking for fame. But what should make you worried is that cybercrime yearly revenue is more than 100 billion U.S. dollars. Some even state that it is surpassing illegal drug trade by now.

Cybercrime is very profitable and that is why they want your computer!

Hackers create botnets that often consist of hundreds of thousands and even more than million computers just by exploiting security holes that lazy or unknowing users do not care to patch. For example, Conficker botnet (created by guys behind a computer virus with the same name) contains about 4.6 million computers around the world... Think - it's bigger than Amazon, bigger than Microsoft, bigger than Google!

Hackers use those botnets to spread spam and malware, conduct attacks, denial-of-service attacks and illegal break-ins to secret information sites, banks, etc. They do not do it for fun. They get paid to do it.

If your computer is infected, do not ignore it!

Turning a blind eye is not a solution - your infected computer can make lives of hundreds and thousands other people a misery by spamming, attacking or breaking their computers down. Check for viruses and other malware at least once a month!

Misunderstanding no. 3 - I have a patched machine, therefore I do not need antivirus; I have antivirus, therefore I do not need patches

Oh yes you do! A fully patched machine can still be infected with malware. Security patches do not mean that you are safe from viruses that spread via USB sticks or e-mails. Any decent virus protection program now protects your computer from spyware and rootkits, too. But antivirus alone cannot protect your computer at all times - you still need to patch security holes. Sometimes it takes a five-second visit to a seemingly good website that has a small hidden script exploiting unpatched security holes on your computer. This script downloads a small nasty program to your computer without you ever noticing it. And there you have it again - your computer has been hijacked by criminals. This is sad, but many antivirus programs do not catch such malicious scripts.
Cybercriminals use many different ways to hijack a computer, because it pays off. Protection is an all-round attitude. You need security patches and antivirus and antimalware programs to stay protected.

Steps to keep yourself and your computer safe

1. Keep your software up-to-date. This applies to Windows, internet browsers, productivity programs (Word, Excel, OpenOffice.org, LibreOffice) and especially to "black sheep" such as Java, Adobe Flash Player and Adobe Reader.
Most programs have automatic update checks, use these.

• Enable Automatic Updates and Enable Microsoft Update (Windows XP)
• Configure Automatic Updates in Windows Vista
• Configure Automatic Updates in Windows 7
• Use free Secunia PSI (applies to all Windows versions)
• Configure your Internet browser properly to stay safer online (Apple Safari, Google Chrome, Internet Explorer, Mozilla Firefox and Opera)

2. Use different passwords for different computer accounts and online accounts, and make those passwords strong. Keep your passwords safe - do not write passwords on paper, save to an unencrypted file on a computer or type a password into your mobile devices, do not even think about writing security codes on bank cards. Use special software for remembering passwords.

Do not forget to change default passwords for administrative accounts in network-related hardware and software - (wifi) routers, switches, wifi access points, security devices, etc. Botnets and attacks misusing default passwords for spreading are not rare anymore.
Never leave your wifi network open (without a password), do not use WEP or WPA encryption because these are easy to crack. Use only WPA2 encryption for wifi.
Here's a story that you would never want to happen to you.

Do not reveal your passwords to anyone else - ever! No bank, IT support or any other institution requests passwords an user account names via e-mails.

Change your most important passwords at least once a year. Use a program to keep your passwords safe; never write down full passwords or user names.

For online services, such as banks or Facebook, do not use easy questions for recovering your password (what is your pet's name, what is your kid's name, in which town you were born, etc), because the answers are easy to find by visiting your Facebook or Twitter profile. If possible, create your own security question.
Also secure your Facebook profile so that the information described above is visible to friends only.

• Passwords
• Password Safe

3. Use effective anti-virus and anti-malware programs and keep them up-to-date. Yes, you can grab such software for free! Perform a monthly full anti-virus and anti-malware check with free scanners such as ComboFix and Malwarebytes' Anti-Malware.

• Antivirus programs
• Antimalware programs

4. Use other free security software that keeps you away from malicious web sites and protects your information.

• WOT Safe Surfing Tool
• KeyScrambler Personal
• Microsoft EMET

Click here to show or hide the Beware of Spyware Game by OnGuard Online

5. Do not trust attachments and links in e-mails coming from people or organizations unknown to you. Be especially careful with .zip (compressed) and .exe (executable) files! Do not click blindly those Yes and Next buttons everywhere, always consider what you are doing, installing or launching. Stop and think before clicking.

6. Do not believe everything - web sites, social networks (Facebook, Twitter, etc), web advertisements, online conversations (MSN or Live Messenger, Yahoo and AOL Messenger, etc) and e-mails that promise you tons of cash, lotto winnings and expensive goods for free or low price are not safe. Even when those e-mails or messages seem to come from your friend or acquaintance! E-mail sender addresses can be easily forged. Never respond to such e-mails; never click on such advertisements or links.

If you click a link to see something really interesting (a video, shocking news or anything else that grabs your attention) and you are asked to fill a survey or install something, then don't! You do not need to install programs to watch a video, you do not need to fill a survey either. 99,99% of such web pages are scams and phishing or malware distribution pages.

Any web ad that displays scanning progress and then says that you have viruses or malware or anything else bad on your computer is fake! Web advertisements can not scan your computer and these are cybercriminals' tricks to take over your computer by enticing you to buy a fake antivirus program (aka scareware, rogue software). Do not click on such ads!
Read step 3 to select a free and effective anti-virus program and a free and effective anti-malware program. Do not forget to visit Malware Lab's Rogue Gallery to check quickly if you have some scareware installed.

Special note for you, boys - e-mail and online conversation links that promise to show Britney Spears or any other celebrity naked are fake and those web sites try to install malware on your computer and ultimately they will empty your bank account.
Click here to show or hide the Spam Scam Slam Game by OnGuard Online

7. Do not send your personal or financial information (name, birthday, address, phone numbers, user names and password for online [bank] accounts, social security number, passport id, credit or debit card numbers, etc) to people, organizations and web sites you do not know. When someone sends you an e-mail claiming that you can earn thousands or millions of dollars by just letting someone use your bank account for money transfer, then this is a lie. They will steal your money. If you do not know a person or organization, do not trust them.
Click here to show or hide the Identity Theft Face Off Game by OnGuard Online

8. Take control of information you reveal about yourself in social networks (Facebook, Orkut, Twitter, Windows Live, etc). Do not show your personal information to everyone - this can be used in identity theft. Do not accept people you do not know as friends. If possible, use restricted groups for new online friends and display only your first name to them.

• Facebook privacy
• Twitter privacy

Click here to show or hide the Friend Finder Game by OnGuard Online

9. If you think you can't live without P2P (peer-to-peer) programs such as BitTorrent, Soulseek, LimeWire, eMule, etc, make absolutely sure you are not sharing your whole hard drive contents or entire My Documents folder. Make a dedicated download folder for each P2P program and share only that folder! If possible, limit shared file types to MP3 or something alike, but never share documents with extensions such as .doc, .txt, .rtf, .xls, etc.

It is unbelievable what one can find using P2P programs - unprotected files with passwords, credit card, passport and driver license details, PIN codes, etc. Do not give cybercriminals a chance for identity theft!

10. Do not even dream that you are anonymous online. Watch your language and actions; you can be tracked by both criminals and law enforcements. Yes, they can come knocking on your home door.

11. Learn to distinguish between phishing sites and real sites. Real financial sites always use secure transactions, so their addresses must start with https://, not http://. Furthermore, any modern internet browser (such as Internet Explorer 7 and later, Mozlla Firefox 3 and later, Apple Safari, Google Chrome) displays a light green address bar for sites that are absolutely secure - protected by internationally approved security certificates. If address bar goes light green, you're safe!

The easiest method to tell phishing and non-phishing sites apart is to look for misspellings in site address and contents - if you're trying to buy something from eBay, its address is http://www.ebay.com, not http://www.eebay.com or http://www.ebay.com.fakers.cn. Furthermore, phony sites often contain myriad of typos in their contents and headings.

And believe me, your bank will never ask you to enter your credit or debit card details on their web page! If you get an e-mail that your bank account will be suspended unless you enter your card details or login name and password on some web page, just ignore the e-mail and do not click any links in that mail. No trusted organization will ever ask for your personal information (PIN, user name or password, bank card details)  in an e-mail! Never ever!

But go ahead and take a test at VeriSign-sponsored site (they do promote VeriSign a lot there, but the first part of test is really good anyway) and see yourself whether you can spot phishing sites - VeriSign Phish or No Phish?...
Click here to show or hide the Phishing Scams Game by OnGuard Online

Final things to summarize it all

You are not safe online unless you take preventive actions now. Full stop. Go on by reading the next article - What is malware? here at help.artaro.eu.

You can also read how people get scammed (this might look a bit boring in the beginning, but read the seven main principles - these are really good!) at Help Net Security.

Click here to show or hide the Mission: Laptop Security game by OnGuard Online

 Comments? Suggestions? Ideas? Let us know! 

Your name (public):

Your e-mail (will not be displayed):

Title:

Notify me of new comments to this page:

Your comments/suggestions/ideas (no HTML code!)
By adding a comment you agree that help.artaro.eu owners are not responsible in any way for your comment's contents. You take the full responsibility for your comments.
help.artaro.eu owners reserve the right to remove comments that they find unacceptable because of strong language, inappropriate contents, advertising or spamming.
Our Privacy Policy